<?php
/*******************************************************************************
*  Title: Help Desk Software HESK
*  Version: 2.2 from 9th June 2010
*  Author: Klemen Stirn
*  Website: http://www.hesk.com
********************************************************************************
*  COPYRIGHT AND TRADEMARK NOTICE
*  Copyright 2005-2010 Klemen Stirn. All Rights Reserved.
*  HESK is a registered trademark of Klemen Stirn.

*  The HESK may be used and modified free of charge by anyone
*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
*  By using this code you agree to indemnify Klemen Stirn from any
*  liability that might arise from it's use.

*  Selling the code for this program, in part or full, without prior
*  written consent is expressly forbidden.

*  Using this code, in part or full, to create derivate work,
*  new scripts or products is expressly forbidden. Obtain permission
*  before redistributing this software over the Internet or in
*  any other medium. In all cases copyright and header must remain intact.
*  This Copyright is in full effect in any country that has International
*  Trade Agreements with the United States of America or
*  with the European Union.

*  Removing any of the copyright notices without purchasing a license
*  is expressly forbidden. To remove HESK copyright notice you must purchase
*  a license for this script. For more information on how to obtain
*  a license please visit the page below:
*  https://www.hesk.com/buy.php
*******************************************************************************/

define('IN_SCRIPT',1);
define('HESK_PATH','../');

/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/database.inc.php');

/* Request bootstrap: start the session, connect to the database, then run the
   login check. All three helpers are defined in the included files.
   NOTE(review): presumably hesk_isLoggedIn() stops or redirects visitors who
   are not signed in - confirm in inc/common.inc.php. No top-level code visible
   below repeats the check, so these calls must stay ahead of the action
   dispatch. */
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();

/* Check permissions for this feature. Every action dispatched further down
   (new, edit, save, remove, view, accept, reset_form) sits behind this single
   'can_man_users' check. */
hesk_checkPermission('can_man_users');

/* Possible user features: the permission keys rendered as "features[]" checkboxes on the staff form */
$hesk_settings['features'] = array(

	// Ticket handling
	'can_view_tickets',    // read tickets
	'can_reply_tickets',   // reply to tickets
	'can_del_tickets',     // delete tickets
	'can_edit_tickets',    // edit tickets
	'can_del_notes',       // delete ticket notes posted by other staff members
	'can_change_cat',      // move a ticket to a new category/department

	// Administration
	'can_man_kb',          // manage knowledgebase articles and categories
	'can_man_users',       // create and edit staff accounts (the permission this page itself requires)
	'can_man_cat',         // manage categories/departments
	'can_man_canned',      // manage canned responses
	'can_man_settings',    // manage help desk settings

	// Archiving, assignment and reporting
	'can_add_archive',     // mark tickets as "Archived"
	'can_assign_self',     // assign tickets to himself/herself
	'can_assign_others',   // assign tickets to other staff members
	'can_view_ass_others', // view tickets that are assigned to other staff
	'can_run_reports',     // run reports and see statistics
);

/* Default values for the add-user form. Each key is copied into
   $_SESSION['userdata'] further down when the session holds no value for it. */
$default_userdata = array(

	/* Identity and contact */
	'name'           => '',
	'nama_depan'     => '', /* shown in the "firstname" field */
	'nama_belakang'  => '', /* shown in the "lastname" field */
	'email'          => '',
	'region'         => '',
	'jenis_kelamin'  => '', /* drives the "gender" select */
	'hp'             => '', /* shown in the "handphone" field */

	/* Registration numbers, location and practice */
	'kkiregnum'      => '',
	'sipregnum'      => '',
	'provinsi'       => '',
	'alamat'         => '', /* shown in the "address" field */
	'tempat_praktek' => '', /* shown in the "practice_site" field */
	'doc_graduate'   => '',
	'specialisation' => '',
	'signature'      => '',

	/* Privileges.
	   NOTE(review): with isadmin defaulting to 1 the form opens with the
	   administrator radio button pre-selected; a least-privilege default
	   would be 0 - confirm this default is intended. */
	'isadmin'        => 1,
	'categories'     => array('1'),
	'features'       => array(
		'can_view_tickets',
		'can_reply_tickets',
		'can_change_cat',
		'can_assign_self',
		'can_view_ass_others',
	),

	'cleanpass'      => '',
);

/* Keep whatever the session already holds; fill in a default only for missing keys */
foreach ($default_userdata as $k => $v)
{
	if (isset($_SESSION['userdata'][$k]))
	{
		continue;
	}

	$_SESSION['userdata'][$k] = $v;
}

/* hesk_stripArray() is defined outside this file.
   NOTE(review): these session values are later echoed into value="..."
   attributes and a <textarea> of the add-user form without further encoding.
   Confirm that they are HTML-encoded before they reach the session, or encode
   them where they are printed. */
$_SESSION['userdata'] = hesk_stripArray($_SESSION['userdata']);

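/* What should we do? The action name comes from the request ("a" parameter). */
$action = isset($_REQUEST['a']) ? hesk_input($_REQUEST['a']) : '';
if ($action == 'new') {new_user();}
elseif ($action == 'edit') {edit_user();}
elseif ($action == 'save') {update_user();}
elseif ($action == 'remove') {remove();}
elseif ($action == 'view') {view_user();}
elseif ($action == 'accept') {
    /*
     * Approve a pending account (approval -> 1) and notify its owner by e-mail.
     *
     * NOTE(review): this state change is reachable through a plain GET link and
     * no anti-CSRF token is verified in this branch, while the "remove" links on
     * this page do carry one. Verifying a token here also requires the accept
     * link to send it, so the gap is flagged here rather than changed.
     */
    $id = hesk_isNumber(isset($_GET['id']) ? $_GET['id'] : '',"$hesklang[int_error]: $hesklang[no_valid_id]");

    /* Load the account before touching it, so an unknown ID neither updates a row nor sends a mail */
    $sql = 'SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` WHERE `id` = \''.hesk_dbEscape($id).'\' LIMIT 1';
    $result = hesk_dbQuery($sql);
    $user = hesk_dbFetchAssoc($result);
    if ( ! is_array($user))
    {
        hesk_error("$hesklang[int_error]: $hesklang[no_valid_id]");
        exit();
    }

    /* Mark the account as approved */
    $sql = 'UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` SET `approval`="1" WHERE `id`='.hesk_dbEscape($id).' LIMIT 1';
    $result = hesk_dbQuery($sql);

    /* Format e-mail message for customer */
    $msg = "
    Hi ".$user['nama_depan'].",  

    This is an automated email message.
    An doctor account has been created for you. You may now manage knowledgebase and respond to users tickets.

    Your log in details are :
    Username : ".$user['email']."

    Regards,
    Bamboomedia Support
    ";

    /* Send e-mail. The recipient is a stored value: CR/LF are removed so it cannot inject extra header lines. */
    $email = str_replace(array("\r","\n"),'',$user['email']);
    $headers = "From: $hesk_settings[noreply_mail]\n";
    $headers.= "Reply-to: $hesk_settings[noreply_mail]\n";
    $headers.= "Return-Path: $hesk_settings[webmaster_mail]\n";
    $headers.= "Content-type: text/plain; charset=".$hesklang['ENCODING'];
    /* mail() errors are suppressed: a delivery failure does not stop the approval from being reported */
    @mail($email,"Bamboomedia Support Registration",$msg,$headers);
    
    // Process message
    hesk_process_messages($hesklang['user_accepted'],'manage_users.php','SUCCESS');
}
elseif ($action == 'reset_form')
{
	/* Flag the form for a reset; the list view replaces the session values with the defaults when it sees it */
	$_SESSION['edit_userdata'] = TRUE;
	header('Location: ./manage_users.php');
}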
else {

/* Coming back from the Edit page (either marker set): drop the edited values,
   restore the form defaults and clear both markers */
if (isset($_SESSION['save_userdata']) || isset($_SESSION['edit_userdata']))
{
	$_SESSION['userdata'] = $default_userdata;
	unset($_SESSION['save_userdata'], $_SESSION['edit_userdata']);
}

/* Print header */
require_once(HESK_PATH . 'inc/header.admin.inc.php');

/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>

</td>
</tr>
<tr>
<td>

<script language="Javascript" type="text/javascript"><!--
// Each helper backs an onclick="return ...();" on a row action link and hands
// back the user's answer to the confirmation prompt.
// NOTE(review): the prompt text is printed by PHP straight into a single-quoted
// literal; an apostrophe or backslash in a language string would end the
// literal early - confirm the language files are safe for this context.
function confirm_delete()
{
return confirm('<?php echo $hesklang['sure_remove_user']; ?>');
}
function confirm_accept()
{
return confirm('<?php echo $hesklang['sure_accept_user']; ?>');
}
function confirm_deny()
{
return confirm('<?php echo $hesklang['sure_reject_user']; ?>');
}
//-->
</script>

<?php
/* This will handle error, success and notice messages */
hesk_handle_messages();
?>

<h3 align="center"><?php echo $hesklang['manage_users']; ?></h3>

<p><?php echo $hesklang['users_intro']; ?></p>

<div align="center">
<table border="0" width="100%" cellspacing="1" cellpadding="3" class="white">
<tr>
    <th class="admin_white"><b><i><?php echo $hesklang['name']; ?></i></b></th>
    <th class="admin_white"><b><i><?php echo $hesklang['email']; ?></i></b></th>
    <th class="admin_white"><b><i><?php echo $hesklang['region']; ?></i></b></th>
    <th class="admin_white"><b><i><?php echo $hesklang['administrator']; ?></i></b></th>
    <?php
        if ($hesk_settings['rating'])
        {
            ?>
            <th class="admin_white"><b><i><?php echo $hesklang['rating']; ?></i></b></th>
            <?php
        }
    ?>
    <th class="admin_white">&nbsp;</th>
</tr>

<?php
/* Approved accounts (approval = 1) joined to their city row through
   id_kota = region; one table row is printed per account, in id order. */
$sql = 'SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users`,`'.hesk_dbEscape($hesk_settings['db_pfix']).'kota` WHERE id_kota=region AND `approval`="1" ORDER BY `id` ASC';
$result = hesk_dbQuery($sql);

/* $i flips between 1 and 0 to alternate the row colour */
$i=1;
while ($myuser=hesk_dbFetchAssoc($result))
{
    $color = $i ? 'admin_white' : 'admin_gray';
    $i	   = $i ? 0 : 1;

    /* Replace the stored flag with the yes/no label printed in the administrator column */
    if ($myuser['isadmin']) {
        $myuser['isadmin'] = '<font class="open">'.$hesklang['yes'].'</font>';
    } else {
        $myuser['isadmin'] = '<font class="resolved">'.$hesklang['no'].'</font>';
    }

    /* Row actions: every account gets an edit link */
    $edit_code = '<a href="manage_users.php?a=edit&amp;id='.$myuser['id'].'"><img src="../img/edit.png" width="16" height="16" alt="'.$hesklang['edit'].'" title="'.$hesklang['edit'].'" border="0" /></a>';
    /* Deleting user with ID 1 (default administrator) is not allowed, so that row gets a blank spacer instead of a link.
       NOTE(review): this only hides the link; whether remove() itself refuses ID 1 is not visible here. */
    if ($myuser['id'] == 1)
    {
        $remove_code = ' <img src="../img/blank.gif" width="16" height="16" alt="" border="0" />';
    }
    else
    {
        /* The remove link is a GET request that carries the value of hesk_token_echo(0) in its query string,
           so the token can end up in browser history, server logs and Referer headers. */
        $remove_code = ' <a href="manage_users.php?a=remove&amp;id='.$myuser['id'].'&amp;token='.hesk_token_echo(0).'" onclick="return confirm_delete();"><img src="../img/delete.png" width="16" height="16" alt="'.$hesklang['remove'].'" title="'.$hesklang['remove'].'" border="0" /></a>';
    }

    /* NOTE(review): name, email and kota are interpolated exactly as stored. The code that writes
       them is not visible here - confirm they are HTML-encoded on write, otherwise encode them at
       output: this page is rendered for staff holding can_man_users. */
    echo <<<EOC
    <tr>
    <td class="$color">$myuser[name]</td>
    <td class="$color"><a href="mailto:$myuser[email]">$myuser[email]</a></td>
    <td class="$color">$myuser[kota]</td>
    <td class="$color">$myuser[isadmin]</td>

EOC;

    /* Optional rating column: star image chosen from the rating rounded by hesk_round_to_half(), times 10 */
    if ($hesk_settings['rating'])
    {
            $alt = $myuser['rating'] ? sprintf($hesklang['rated'], sprintf("%01.1f", $myuser['rating']), ($myuser['ratingneg']+$myuser['ratingpos'])) : $hesklang['not_rated'];
            echo '<td class="'.$color.'" align="center" width="1"><img src="../img/star_'.(hesk_round_to_half($myuser['rating'])*10).'.png" width="85" height="16" alt="'.$alt.'" title="'.$alt.'" border="0" style="vertical-align:text-bottom" /></td>';
    }

    echo <<<EOC
    <td class="$color" style="text-align:center">$edit_code $remove_code</td>
    </tr>

EOC;
} // End while
?>
</table>
</div>
<br />
<hr />
        
<?php
    /* Accounts still awaiting approval (approval = 0), joined to their city row.
       The whole section is printed only when at least one such account exists. */
    $sql = 'SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users`,`'.hesk_dbEscape($hesk_settings['db_pfix']).'kota` WHERE id_kota=region AND `approval`="0" ORDER BY `id` ASC';
    $result = hesk_dbQuery($sql);
    if (hesk_dbNumRows($result) != 0)
    {
        echo"<h3 align=\"center\">";echo $hesklang['approve_users'];echo"</h3>

        <div align=\"center\">
        <table border=\"0\" width=\"100%\" cellspacing=\"1\" cellpadding=\"3\" class=\"white\">
        <tr>
            <th class=\"admin_white\"><b><i>";echo $hesklang['name']; echo"</i></b></th>
            <th class=\"admin_white\"><b><i>";echo $hesklang['email']; echo"</i></b></th>
            <th class=\"admin_white\"><b><i>";echo $hesklang['region']; echo"</i></b></th>
            <th class=\"admin_white\">&nbsp;</th>
        </tr>";
        /* $i flips between 1 and 0 to alternate the row colour */
        $i=1;
        while ($myuser=hesk_dbFetchAssoc($result))
        {
            $color = $i ? 'admin_white' : 'admin_gray';
            $i	   = $i ? 0 : 1;

            /* NOTE(review): this label is built but never printed - the pending table has no administrator column */
            if ($myuser['isadmin']) {
                $myuser['isadmin'] = '<font class="open">'.$hesklang['yes'].'</font>';
            } else {
                $myuser['isadmin'] = '<font class="resolved">'.$hesklang['no'].'</font>';
            }

            /* Row actions: accept, view profile, remove.
               NOTE(review): the accept link is a state-changing GET request and, unlike the remove link
               below, carries no token - a forged request could approve a pending account. Send a token
               here and verify it in the accept handler. */
            $accept_code = '<a href="manage_users.php?a=accept&amp;id='.$myuser['id'].'" onclick="return confirm_accept();"><img src="../img/success.png" width="16" height="16" alt="'.$hesklang['accept'].'" title="'.$hesklang['accept'].'" border="0" /></a>';
            $view_code = '<a href="manage_users.php?a=view&amp;id='.$myuser['id'].'"><img src="../img/clip.png" width="16" height="16" alt="'.$hesklang['view_profile'].'" title="'.$hesklang['view_profile'].'" border="0" /></a>';
            /* Deleting user with ID 1 (default administrator) is not allowed, so that row gets a blank spacer */
            if ($myuser['id'] == 1)
            {
                $remove_code = ' <img src="../img/blank.gif" width="16" height="16" alt="" border="0" />';
            }
            else
            {
                $remove_code = ' <a href="manage_users.php?a=remove&amp;id='.$myuser['id'].'&amp;token='.hesk_token_echo(0).'" onclick="return confirm_deny();"><img src="../img/delete_ticket.png" width="16" height="16" alt="'.$hesklang['remove'].'" title="'.$hesklang['remove'].'" border="0" /></a>';
            }

            /* NOTE(review): these rows are accounts nobody has approved yet, and name, email and kota are
               interpolated exactly as stored. The code that writes them is not visible here - confirm the
               values are HTML-encoded on write, otherwise encode them at output. */
            echo <<<EOC
            <tr>
            <td class="$color">$myuser[name]</td>
            <td class="$color"><a href="mailto:$myuser[email]">$myuser[email]</a></td>
            <td class="$color">$myuser[kota]</td>
EOC;
            echo <<<EOC
            <td class="$color" style="text-align:center">$view_code $accept_code $remove_code</td>
            </tr>
EOC;
        } // End while
        echo"</table>
            </div>
            <br />
            <hr />";
    } // End if
?>


<table width="100%" border="0" cellspacing="0" cellpadding="0">
		<tr>
			<td width="7" height="7"><img src="../img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
			<td class="roundcornerstop"></td>
			<td><img src="../img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
		</tr>
		<tr>
		<td class="roundcornersleft">&nbsp;</td>
		<td>
        <!-- CONTENT -->

<h3 align="center"><?php echo $hesklang['add_user']; ?></h3>

<p align="center"><?php echo $hesklang['req_marked_with']; ?> <font class="important">*</font></p>

<form name="form1" action="manage_users.php" method="post">
        <table border="0" width="100%">
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['email']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="email" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['email']; ?>" /></td>
              </tr>
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['password']; ?><font class="important"> * </font>:</td>
                <td><input type="password" name="password" size="40" maxlength="50" value="" /></td>
              </tr>
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['repass']; ?><font class="important"> * </font>:</td>
                <td><input type="password" name="repass" size="40" maxlength="50" value="" /></td>
              </tr>
        </table>
            <hr />
            <!-- Department and priority -->
        <table border="0" width="100%">
               <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['firstname']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="firstname" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['nama_depan']; ?>" /></td>
               </tr>
               <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['lastname']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="lastname" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['nama_belakang']; ?>" /></td>
               </tr>
               <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['gender']; ?><font class="important"> * </font>:</td>
                <td>
                    <select name="gender">
                        <option value="1" <?php if(isset($_SESSION['userdata']['jenis_kelamin'])) { echo (($_SESSION['userdata']['jenis_kelamin']) == 1) ? 'selected="selected"' : ''; };?> ><?php echo $hesklang['male'];?></option>
                        <option value="2" <?php if(isset($_SESSION['userdata']['jenis_kelamin'])) { echo (($_SESSION['userdata']['jenis_kelamin']) == 2) ? 'selected="selected"' : ''; };?> ><?php echo $hesklang['female'];?></option>
                    </select>
               </tr>
               <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['handphone']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="handphone" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['hp']; ?>" /></td>
               </tr> 
        </table>
            <hr />
        <table border="0" width="100%">
            <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['province']; ?><font class="important"> * </font>:</td>
                <td>
                    <select name="province" onchange="update_city('<?php echo HESK_PATH; ?>',this.options[this.selectedIndex].value)">
                        <?php
                        /* One <option> per province row; the entry matching $_SESSION['c_province'] (when set) is pre-selected.
                           NOTE(review): the table name is written out in full here, while the user queries on this
                           page build theirs from $hesk_settings['db_pfix'] - confirm which is intended. */
                        $query = 'SELECT * FROM hesk_propinsi';
                        $result = hesk_dbQuery($query);
                        while ($prov = hesk_dbFetchAssoc($result)) {
                            ?>
                            <option value="<?php echo $prov['id_propinsi']; ?>" <?php
                    if (isset($_SESSION['c_province'])) {
                        echo ($_SESSION['c_province'] == $prov['id_propinsi']) ? 'selected="selected"' : '';
                    }
                            ?> >
                                        <?php echo $prov['propinsi']; ?>
                            </option>
                        <?php } ?>
                    </select>
                </td>
            </tr>  
            <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['city']; ?><font class="important"> * </font>:</td>
                <td>
                    <select id="city-selection" name="city">
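                        <?php
                        /* Cities of the selected province, one <option> each; the entry matching
                           $_SESSION['c_city'] (when set) is pre-selected.
                           The province id is concatenated into the SQL text without quotes, so it is
                           forced to an integer first: $_SESSION['c_province'] is not assigned anywhere
                           in the visible part of this file and must not be trusted to be numeric.
                           Without a session value, province 7 is used.
                           NOTE(review): the table name is written out in full here, while the user
                           queries on this page build theirs from $hesk_settings['db_pfix']. */
                        $id_province = isset($_SESSION['c_province']) ? (int) $_SESSION['c_province'] : 7;
                        $query = 'SELECT * FROM hesk_kota WHERE id_propinsi=' . $id_province;
                        $result = hesk_dbQuery($query);
                        while ($city = hesk_dbFetchAssoc($result)) {
                            ?>
                            <option value="<?php echo $city['id_kota']; ?>" <?php
                                if (isset($_SESSION['c_city'])) {
                                    echo ($_SESSION['c_city'] == $city['id_kota']) ? 'selected="selected"' : '';
                                }
                            ?> >
                                        <?php echo $city['kota']; ?>
                            </option>
                        <?php } ?>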
                    </select>
                </td>
            </tr>
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['address']; ?><font class="important"> * </font>: </td>
                <td><input type="text" name="address" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['alamat']; ?>" /></td>
               </tr>  
       </table>
            <hr />
        <table border="0" width="100%">
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['practice_site']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="practice_site" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['tempat_praktek']; ?>" /></td>
              </tr>
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['kkiregnum']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="kkiregnum" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['kkiregnum']; ?>" /></td>
               </tr>  
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['sipregnum']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="sipregnum" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['sipregnum']; ?>" /></td>
               </tr>  
               <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['doc_graduate']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="doc_graduate" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['doc_graduate']; ?>" /></td>
               </tr> 
               <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['specialisation']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="specialisation" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['specialisation']; ?>" /></td>
               </tr>
                <tr>
                <td valign="top" width="200" style="text-align:right"><?php echo $hesklang['administrator']; ?><font class="important"> * </font>:</td>
                <td valign="top">
                    <label><input type="radio" name="isadmin" value="1" onclick="Javascript:hesk_toggleLayerDisplay('options')" <?php if ($_SESSION['userdata']['isadmin']) echo 'checked="checked"'; ?> /> <?php echo $hesklang['yes'].' '.$hesklang['admin_can']; ?></label><br />
                        <label><input type="radio" name="isadmin" value="0" onclick="Javascript:hesk_toggleLayerDisplay('options')" <?php if (!$_SESSION['userdata']['isadmin']) echo 'checked="checked"'; ?> /> <?php echo $hesklang['no'].' '.$hesklang['staff_can']; ?></label>

                        <div id="options" style="display: <?php echo ($_SESSION['userdata']['isadmin']) ? 'none' : 'block'; ?>;">
                        <table width="100%" border="0">
                                <tr>
                                <td valign="top" width="100" style="text-align:right;white-space:nowrap;"><?php echo $hesklang['allowed_cat']; ?>: <font class="important">*</font></td>
                                <td valign="top">
                                <?php
                                /* One checkbox per category, in cat_order; boxes listed in the session's
                                   "categories" array come pre-checked.
                                   NOTE(review): the category name is printed as stored - confirm it is
                                   HTML-encoded when categories are saved. */
                                $sql_private = 'SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` ORDER BY `cat_order` ASC';
                                $result = hesk_dbQuery($sql_private);
                                while ($row = hesk_dbFetchAssoc($result))
                                {
                                    echo '<label><input type="checkbox" name="categories[]" value="' . $row['id'] . '" '
                                        . (in_array($row['id'],$_SESSION['userdata']['categories']) ? ' checked="checked" ' : '')
                                        . ' />' . $row['name'] . '</label><br /> ';
                                }

                                ?>
                        &nbsp;
                                </td>
                                </tr>
                                <tr>
                                <td valign="top" width="100" style="text-align:right;white-space:nowrap;"><?php echo $hesklang['allow_feat']; ?>: <font class="important">*</font></td>
                                <td valign="top">
                        <?php
                                /* One checkbox per permission key; the label is the language string of the
                                   same name, and keys listed in the session's "features" array come pre-checked */
                                foreach ($hesk_settings['features'] as $k)
                                {
                                    echo '<label><input type="checkbox" name="features[]" value="' . $k . '" '
                                        . (in_array($k,$_SESSION['userdata']['features']) ? ' checked="checked" ' : '')
                                        . ' />' . $hesklang[$k] . '</label><br /> ';
                                }
                        ?>
                        &nbsp;
                                </td>
                                </tr>
                        </table>
                    </div>

                </td>
                </tr>
                <tr>
                    <td valign="top" width="200" style="text-align:right"><?php echo $hesklang['signature_max']; ?>:</td>
                    <td><textarea name="signature" rows="6" cols="40"><?php echo $_SESSION['userdata']['signature']; ?></textarea><br />
                    <?php echo $hesklang['sign_extra']; ?></td>
                </tr>
        </table>
        <hr />

<!-- Submit -->
<p align="center"><input type="hidden" name="a" value="new" />
<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
<input type="submit" value="<?php echo $hesklang['create_user']; ?>" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" />
|
<a href="manage_users.php?a=reset_form"><?php echo $hesklang['refi']; ?></a></p>

</form>

<p>&nbsp;</p>

		<!-- END CONTENT -->

        </td>
		<td class="roundcornersright">&nbsp;</td>
		</tr>
		<tr>
		<td><img src="../img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
		<td class="roundcornersbottom"></td>
		<td width="7" height="7"><img src="../img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
		</tr>
	</table>

<?php
/* Print the footer and end the request for the default (list) view */
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();

} // End else


/*** START FUNCTIONS ***/

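/**
 * Render the "edit user" form for the account given in $_GET['id'], then print the
 * footer and exit.
 *
 * Unless $_SESSION['save_userdata'] is set (update_user() sets it while a save is being
 * processed and unsets it after the UPDATE), the user row is loaded into
 * $_SESSION['userdata'] and the comma-separated heskprivileges/categories columns are
 * expanded into arrays. Administrator rows get $default_userdata's features and
 * categories instead.
 *
 * NOTE(review): every form value below is echoed from $_SESSION['userdata'] without HTML
 * escaping. This presumably relies on hesk_input()/hesk_validateEmail() having encoded the
 * values before they were stored - confirm for each column, otherwise escape on output.
 * NOTE(review): the form contains a file input but declares no multipart enctype, and
 * update_user() as shown does not read an upload - confirm where profile pictures are saved.
 * NOTE(review): there is no check that the SELECT returned a row; an id that matches no
 * user leaves $_SESSION['userdata'] without the keys read below.
 */
function edit_user()
{
	global $hesk_settings, $hesklang, $default_userdata;

	/* Only the value returned by hesk_isNumber() is used in the query and the hidden field */
	$id = hesk_isNumber($_GET['id'],"$hesklang[int_error]: $hesklang[no_valid_id]");

        $_SESSION['edit_userdata'] = TRUE;

        if (!isset($_SESSION['save_userdata']))
        {
		$sql = 'SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` WHERE `id`='.hesk_dbEscape($id).' LIMIT 1';
		$result = hesk_dbQuery($sql);
                $_SESSION['userdata'] = hesk_dbFetchAssoc($result);
                
                /* Store original username for display until changes are saved successfully */
                $_SESSION['original_user'] = $_SESSION['userdata']['user'];

                /* A few variables need special attention... */
                if ($_SESSION['userdata']['isadmin'])
                {
                        $_SESSION['userdata']['features'] = $default_userdata['features'];
                        $_SESSION['userdata']['categories'] = $default_userdata['categories'];
                }
                else
                {
                        $_SESSION['userdata']['features'] = explode(',',$_SESSION['userdata']['heskprivileges']);
                        $_SESSION['userdata']['categories'] = explode(',',$_SESSION['userdata']['categories']);
                }
                /* Never pre-fill a password into the form */
                $_SESSION['userdata']['cleanpass'] = '';
        }

        /* Print header */
	require_once(HESK_PATH . 'inc/header.admin.inc.php');

	/* Print main manage users page */
	require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
	?>

	</td>
	</tr>
	<tr>
	<td>

	<?php
            /* This will handle error, success and notice messages */
            hesk_handle_messages();
            
	?>
	<p class="smaller">&nbsp;<a href="manage_users.php" class="smaller"><?php echo $hesklang['manage_users']; ?></a> &gt; <?php echo $hesklang['editing_user'].' '.$_SESSION['original_user']; ?></p>

	<table width="100%" border="0" cellspacing="0" cellpadding="0">
		<tr>
			<td width="7" height="7"><img src="../img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
			<td class="roundcornerstop"></td>
			<td><img src="../img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
		</tr>
		<tr>
		<td class="roundcornersleft">&nbsp;</td>
		<td>

	<h3 align="center"><?php echo $hesklang['editing_user'].' '.$_SESSION['original_user']; ?></h3>

	<p align="center"><?php echo $hesklang['req_marked_with']; ?> <font class="important">*</font></p>

	<form method="post" action="manage_users.php">
        
	<!-- Contact info -->
	<table border="0" width="100%">
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['email']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="email" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['email']; ?>" /></td>
              </tr>
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['password']; ?><font class="important"> * </font>:</td>
                <td><input type="password" name="password" size="40" maxlength="50" value="" /></td>
              </tr>
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['repass']; ?><font class="important"> * </font>:</td>
                <td><input type="password" name="repass" size="40" maxlength="50" value="" /></td>
              </tr>
              <tr>
                    <td style="text-align:right" width="200"><?php echo $hesklang['profile_pic']; ?>:</td>
                    <td>
                    <?php if (file_exists($hesk_settings['server_path'] . '/img/uploads/d' . $_SESSION['userdata']['id'] . '.jpg')): ?>
                            <img class="profpic-img" src="<?php echo $hesk_settings['hesk_url']; ?>/img/uploads/d<?php echo $_SESSION['userdata']['id']; ?>.jpg" />
                    <?php else: ?>
                            <img class="profpic-img" src="<?php echo $hesk_settings['hesk_url']; ?>/img/uploads/nopic.jpg" />
                    <?php endif; ?>
                    </td>
                </tr>
                <tr>
                    <td style="text-align:right" width="200"></td>
                    <td><input type="file" name="profpic" size="40" /></td>
                </tr>
                <tr>
                    <td style="text-align:right" width="200"></td>
                    <td>Maximum size 50 Kb (jpg)</td>
                </tr>
        </table>
            <hr />
            <!-- Department and priority -->
        <table border="0" width="100%">
               <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['firstname']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="firstname" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['nama_depan']; ?>" /></td>
               </tr>
               <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['lastname']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="lastname" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['nama_belakang']; ?>" /></td>
               </tr>
               <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['gender']; ?><font class="important"> * </font>:</td>
                <td>
                    <select name="gender">
                        <option value="1" <?php if(isset($_SESSION['userdata']['jenis_kelamin'])) { echo (($_SESSION['userdata']['jenis_kelamin']) == 1) ? 'selected="selected"' : ''; };?> ><?php echo $hesklang['male'];?></option>
                        <option value="2" <?php if(isset($_SESSION['userdata']['jenis_kelamin'])) { echo (($_SESSION['userdata']['jenis_kelamin']) == 2) ? 'selected="selected"' : ''; };?> ><?php echo $hesklang['female'];?></option>
                    </select>
                </td>
               </tr>
               <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['handphone']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="handphone" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['hp']; ?>" /></td>
               </tr> 
        </table>
            <hr />
        <table border="0" width="100%">
            <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['province']; ?><font class="important"> * </font>:</td>
                <td>
                    <select name="province" onchange="update_city('<?php echo HESK_PATH;?>',this.options[this.selectedIndex].value)">
                        <?php
                        /* Static query, no user input involved */
                        $query = 'SELECT * FROM hesk_propinsi';
                        $result = hesk_dbQuery($query);
                        while ($prov = hesk_dbFetchAssoc($result)) {
                            ?>
                            <option value="<?php echo $prov['id_propinsi']; ?>" <?php echo ($_SESSION['userdata']['provinsi'] == $prov['id_propinsi']) ? 'selected="selected"' : '';?> >
                                <?php echo $prov['propinsi']; ?>
                            </option>
                        <?php } ?>
                    </select>
                </td>
            </tr>  
            <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['city']; ?><font class="important"> * </font>:</td>
                <td>
                    <select id="city-selection" name="city">
                        <?php
                        /* The stored province originates from $_POST['province'] and nothing
                           visible in this file validates it as a number, so force it to an
                           integer before it is concatenated, unquoted, into the query. This
                           closes a second-order SQL injection path and avoids a syntax error
                           when the value is empty. */
                        $id_province = intval($_SESSION['userdata']['provinsi']);
                        $query = 'SELECT * FROM hesk_kota WHERE id_propinsi=' . $id_province;
                        $result = hesk_dbQuery($query);
                        while ($city = hesk_dbFetchAssoc($result)) {
                            ?>
                            <option value="<?php echo $city['id_kota']; ?>" <?php echo ($_SESSION['userdata']['region'] == $city['id_kota']) ? 'selected="selected"' : ''; ?> >
                                <?php echo $city['kota']; ?>
                            </option>
                        <?php } ?>
                    </select>
                </td>
            </tr>
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['address']; ?><font class="important"> * </font>: </td>
                <td><input type="text" name="address" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['alamat']; ?>" /></td>
               </tr>
        </table>
        <hr />
        <table border="0" width="100%">
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['practice_site']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="practice_site" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['tempat_praktek']; ?>" /></td>
              </tr>
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['kkiregnum']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="kkiregnum" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['kkiregnum']; ?>" /></td>
               </tr>  
              <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['sipregnum']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="sipregnum" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['sipregnum']; ?>" /></td>
               </tr>  
               <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['doc_graduate']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="doc_graduate" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['doc_graduate']; ?>" /></td>
               </tr> 
               <tr>
                <td style="text-align:right" width="200"><?php echo $hesklang['specialisation']; ?><font class="important"> * </font>:</td>
                <td><input type="text" name="specialisation" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['specialisation']; ?>" /></td>
               </tr>
                <tr>
                <td valign="top" width="200" style="text-align:right"><?php echo $hesklang['administrator']; ?>: <font class="important">*</font></td>
                <td valign="top">
                    <label><input type="radio" name="isadmin" value="1" onclick="Javascript:hesk_toggleLayerDisplay('options')" <?php if ($_SESSION['userdata']['isadmin']) echo 'checked="checked"'; ?> /> <?php echo $hesklang['yes'].' '.$hesklang['admin_can']; ?></label><br />
                        <label><input type="radio" name="isadmin" value="0" onclick="Javascript:hesk_toggleLayerDisplay('options')" <?php if (!$_SESSION['userdata']['isadmin']) echo 'checked="checked"'; ?> /> <?php echo $hesklang['no'].' '.$hesklang['staff_can']; ?></label>

                        <div id="options" style="display: <?php echo ($_SESSION['userdata']['isadmin']) ? 'none' : 'block'; ?>;">
                        <table width="100%" border="0">
                                <tr>
                                <td valign="top" width="100" style="text-align:right;white-space:nowrap;"><?php echo $hesklang['allowed_cat']; ?>: <font class="important">*</font></td>
                                <td valign="top">
                                <?php
                                /* One checkbox per category, ticked when the user already has access to it */
                                $sql_private = 'SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` ORDER BY `cat_order` ASC';
                                $result = hesk_dbQuery($sql_private);
                                while ($row=hesk_dbFetchAssoc($result))
                                {
                                echo '<label><input type="checkbox" name="categories[]" value="' . $row['id'] . '" ';
                            if (in_array($row['id'],$_SESSION['userdata']['categories']))
                            {
                                echo ' checked="checked" ';
                            }
                            echo ' />' . $row['name'] . '</label><br /> ';
                                }

                                ?>
                        &nbsp;
                                </td>
                                </tr>
                                <tr>
                                <td valign="top" width="100" style="text-align:right;white-space:nowrap;"><?php echo $hesklang['allow_feat']; ?>: <font class="important">*</font></td>
                                <td valign="top">
                        <?php
                                /* One checkbox per feature key listed in the settings */
                                foreach ($hesk_settings['features'] as $k)
                        {
                                echo '<label><input type="checkbox" name="features[]" value="' . $k . '" ';
                            if (in_array($k,$_SESSION['userdata']['features']))
                            {
                                echo ' checked="checked" ';
                            }
                            echo ' />' . $hesklang[$k] . '</label><br /> ';
                        }
                        ?>
                        &nbsp;
                        </td>
                        </tr>
	        </table>
	    </div>

	</td>
	</tr>
	<tr>
	<td valign="top" width="200" style="text-align:right"><?php echo $hesklang['signature_max']; ?>:</td>
	<td><textarea name="signature" rows="6" cols="40"><?php echo $_SESSION['userdata']['signature']; ?></textarea><br />
	<?php echo $hesklang['sign_extra']; ?></td>
	</tr>
	</table>

	<!-- Submit -->
	<p align="center"><input type="hidden" name="a" value="save" />
	<input type="hidden" name="userid" value="<?php echo $id; ?>" />
    <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
	<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" />
    |
    <a href="manage_users.php"><?php echo $hesklang['dich']; ?></a></p>

	</form>

        </td>
		<td class="roundcornersright">&nbsp;</td>
		</tr>
		<tr>
		<td><img src="../img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
		<td class="roundcornersbottom"></td>
		<td width="7" height="7"><img src="../img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
		</tr>
	</table>

	<?php
	require_once(HESK_PATH . 'inc/footer.inc.php');
	exit();
} // End edit_user()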

/**
 * Render a read-only profile page for the account given in $_GET['id'], followed by
 * Accept and Remove links, then print the footer and exit.
 *
 * Unless $_SESSION['save_userdata'] is set, the user row is loaded into
 * $_SESSION['userdata'] and its columns are echoed into the page as stored.
 *
 * NOTE(review): none of the profile fields echoed below are HTML-escaped here; this
 * presumably relies on the values having been encoded before storage - confirm for every
 * column shown, otherwise escape on output.
 * NOTE(review): the Remove link carries a token parameter but the Accept link does not.
 * The handler for a=accept is not visible here - confirm it cannot be triggered by a
 * cross-site GET request.
 * NOTE(review): province and region are printed as the stored column values, which the
 * edit form treats as ids - confirm whether names were intended.
 */
function view_user()
{
	global $hesk_settings, $hesklang, $default_userdata;

	/* Only the value returned by hesk_isNumber() is used in the query and in the links below */
	$id = hesk_isNumber($_GET['id'],"$hesklang[int_error]: $hesklang[no_valid_id]");
        
        
        $_SESSION['edit_userdata'] = TRUE;

        if (!isset($_SESSION['save_userdata']))
        {
		$sql = 'SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` WHERE `id`='.hesk_dbEscape($id).' LIMIT 1';
		$result = hesk_dbQuery($sql);
                /* NOTE(review): no check that a row was found before its keys are read below */
                $_SESSION['userdata'] = hesk_dbFetchAssoc($result);
                
                /* Store original username for display until changes are saved successfully */
                $_SESSION['original_user'] = $_SESSION['userdata']['user'];

                /* A few variables need special attention... */
                if ($_SESSION['userdata']['isadmin'])
                {
                        /* Administrator rows take the default feature and category lists */
                        $_SESSION['userdata']['features'] = $default_userdata['features'];
                        $_SESSION['userdata']['categories'] = $default_userdata['categories'];
                }
                else
                {
                        /* Both columns hold comma-separated lists */
                        $_SESSION['userdata']['features'] = explode(',',$_SESSION['userdata']['heskprivileges']);
                        $_SESSION['userdata']['categories'] = explode(',',$_SESSION['userdata']['categories']);
                }
                $_SESSION['userdata']['cleanpass'] = '';
        }

        /* Print header */
	require_once(HESK_PATH . 'inc/header.admin.inc.php');

	/* Print main manage users page */
	require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
	?>

	</td>
	</tr>
        <script language="Javascript" type="text/javascript">
            function confirm_accept()
            {
                if (confirm('<?php echo $hesklang['sure_accept_user']; ?>')) {return true;}
                else {return false;}
            }
            function confirm_deny()
            {
                if (confirm('<?php echo $hesklang['sure_reject_user']; ?>')) {return true;}
                else {return false;}
            }
        </script>
	<tr>
	<td>

	<?php
            /* This will handle error, success and notice messages */
            hesk_handle_messages();
            
	?>
	<p class="smaller">&nbsp;<a href="manage_users.php" class="smaller"><?php echo $hesklang['manage_users']; ?></a> &gt; <?php echo $hesklang['view_profile'].' '.$_SESSION['original_user']; ?></p>

	<table width="100%" border="0" cellspacing="0" cellpadding="0">
		<tr>
			<td width="7" height="7"><img src="../img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
			<td class="roundcornerstop"></td>
			<td><img src="../img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
		</tr>
		<tr>
		<td class="roundcornersleft">&nbsp;</td>
		<td>

                <h3 align="center"><?php echo $hesklang['view_profile'].' '.$_SESSION['original_user']; ?></h3>

                <!-- Contact info -->
                <table border="0" width="100%">
                      <tr>
                        <td style="text-align:right" width="200"><?php echo $hesklang['email']; ?>   :</td>
                        <td><p align="left"><?php echo $_SESSION['userdata']['email']; ?></p></td>
                      </tr>
                      <tr>
                          <td style="text-align:right" width="200"><?php echo $hesklang['profile_pic']; ?>   :</td>
                          <td>
                            <p align="left">
                                <?php if (file_exists($hesk_settings['server_path'] . '/img/uploads/d' . $_SESSION['userdata']['id'] . '.jpg')): ?>
                                    <img class="profpic-img" src="../img/uploads/d<?php echo $_SESSION['userdata']['id']; ?>.jpg" />
                                <?php else: ?>
                                    <img class="profpic-img" src="../img/uploads/nopic.jpg" />
                                <?php endif; ?>
                            </p>
                          </td>
                      </tr>
                </table>
                    <hr />
                    <!-- Department and priority -->
                <table border="0" width="100%">
                       <tr>
                        <td style="text-align:right" width="200"><?php echo $hesklang['firstname']; ?>   :</td>
                        <td><p align="left"><?php echo $_SESSION['userdata']['nama_depan']; ?></p></td>
                       </tr>
                       <tr>
                        <td style="text-align:right" width="200"><?php echo $hesklang['lastname']; ?>   :</td>
                        <td><p align="left"><?php echo $_SESSION['userdata']['nama_belakang']; ?></p></td>
                       </tr>
                       <tr>
                        <td style="text-align:right" width="200"><?php echo $hesklang['gender']; ?>   :</td>
                        <td>
                            <p align="left"><?php if(isset($_SESSION['userdata']['jenis_kelamin'])) {
                                    /* 1 prints the "male" label; every other stored value prints "female" */
                                    if (($_SESSION['userdata']['jenis_kelamin']) == 1){
                                        echo $hesklang['male'];
                                    } else {
                                        echo $hesklang['female'];
                                    } 
                            }?>
                            </p>
                        </td>
                       </tr>
                       <tr>
                        <td style="text-align:right" width="200"><?php echo $hesklang['handphone']; ?>   :</td>
                        <td><p align="left"><?php echo $_SESSION['userdata']['hp']; ?></p></td>
                       </tr> 
                </table>
                    <hr />
                <table border="0" width="100%">
                      <tr>
                        <td style="text-align:right" width="200"><?php echo $hesklang['province']; ?>   :</td>
                        <td><p align="left"><?php echo $_SESSION['userdata']['provinsi']; ?></p></td>
                      </tr>
                      <tr>
                        <td style="text-align:right" width="200"><?php echo $hesklang['city']; ?>   :</td>
                        <td><p align="left"><?php echo $_SESSION['userdata']['region']; ?></p></td>
                       </tr> 
                       <tr>
                        <td style="text-align:right" width="200"><?php echo $hesklang['address']; ?>   :</td>
                        <td><p align="left"><?php echo $_SESSION['userdata']['alamat']; ?></p></td>
                       </tr>
                </table>
                    <hr />
                <table border="0" width="100%">
                       <tr>
                        <td style="text-align:right" width="200"><?php echo $hesklang['practice_site']; ?>   :</td>
                        <td><p align="left"><?php echo $_SESSION['userdata']['tempat_praktek']; ?></p></td>
                      </tr>
                      <tr>
                        <td style="text-align:right" width="200"><?php echo $hesklang['kkiregnum']; ?>   :</td>
                        <td><p align="left"><?php echo $_SESSION['userdata']['kkiregnum']; ?></p></td>
                       </tr>  
                      <tr>
                        <td style="text-align:right" width="200"><?php echo $hesklang['sipregnum']; ?>   :</td>
                        <td><p align="left"><?php echo $_SESSION['userdata']['sipregnum']; ?></p></td>
                       </tr>  
                       <tr>
                        <td style="text-align:right" width="200"><?php echo $hesklang['doc_graduate']; ?>   :</td>
                        <td><p align="left"><?php echo $_SESSION['userdata']['doc_graduate']; ?></p></td>
                       </tr> 
                       <tr>
                        <td style="text-align:right" width="200"><?php echo $hesklang['specialisation']; ?>   :</td>
                        <td><p align="left"><?php echo $_SESSION['userdata']['specialisation']; ?></p></td>
                       </tr>
                </table>

            <br />
            <hr />
            
            <!-- Accept -->
            <p align="center">
                <a href="manage_users.php?a=accept&amp;id=<?php echo $id; ?>" onclick="return confirm_accept();">
                    <button type="button" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');"><?php echo $hesklang['accept']; ?></button>
                </a>
                <a href="manage_users.php?a=remove&amp;id=<?php echo $id; ?>&amp;token=<?php echo hesk_token_echo(0); ?>" onclick="return confirm_deny();">
                    <button type="button" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');"><?php echo $hesklang['remove']; ?></button>
                </a>
            </p>
        </td>
		<td class="roundcornersright">&nbsp;</td>
		</tr>
		<tr>
		<td><img src="../img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
		<td class="roundcornersbottom"></td>
		<td width="7" height="7"><img src="../img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
		</tr>
	</table>

	<?php
	/* Print the footer and stop so the caller renders nothing after this page */
	require_once(HESK_PATH . 'inc/footer.inc.php');
	exit();
} // End view_user()

/**
 * Create a user account from the submitted "new user" form.
 *
 * Checks the form token, validates the POSTed fields through hesk_validateUserInfo(),
 * refuses an e-mail address that is already registered, inserts the row and hands a
 * success message to hesk_process_messages().
 *
 * NOTE(review): this INSERT stores $myuser['password'] in `pass`, while update_user()
 * stores $myuser['pass']. Confirm hesk_validateUserInfo() returns a hashed value under
 * the key used here, so that neither an empty string nor a clear-text password is stored.
 * NOTE(review): the success message is formatted with $myuser['cleanpass'], which by its
 * name is the clear-text password - confirm that displaying it is intended.
 */
function new_user() {
	global $hesk_settings, $hesklang;

	/* Verify the form token before anything else (the original comment calls this a security check) */
	hesk_token_check($_POST['token']);

	$myuser = hesk_validateUserInfo();

	/* The category and feature lists are persisted as comma-separated strings */
	foreach (array('categories', 'features') as $list_key)
	{
		$myuser[$list_key] = implode(',', $myuser[$list_key]);
	}

	/* Refuse an e-mail address that already belongs to an account */
	$dup_sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `email` = '" . hesk_dbEscape($myuser['email']) . "' LIMIT 1";
	$dup_res = hesk_dbQuery($dup_sql);
	if (hesk_dbNumRows($dup_res) != 0)
	{
		/* presumably redirects and stops the request; verify in common.inc.php */
		hesk_process_messages($hesklang['email_exist'], $_SERVER['PHP_SELF']);
	}

	/* Administrators get every feature and category, so nothing is stored for them */
	if ($myuser['isadmin'])
	{
		foreach (array('categories', 'features') as $list_key)
		{
			$myuser[$list_key] = '';
		}
	}

	/* Every value is escaped and placed inside quotes */
	$insert_sql = "INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."users` (
            `name`,
            `nama_depan`,
            `nama_belakang`,
            `jenis_kelamin`,
            `email`,
            `pass`,
            `hp`,
            `tempat_praktek`,
            `alamat`,
            `region`,
            `provinsi`,
            `kkiregnum`,
            `sipregnum`,
            `doc_graduate`,
            `specialisation`,
            `signature`,
            `heskprivileges`,
            `categories`,
            `isadmin`
            ) VALUES (
            '".hesk_dbEscape($myuser['firstname'])." ".hesk_dbEscape($myuser['lastname'])."',
            '".hesk_dbEscape($myuser['firstname'])."',
            '".hesk_dbEscape($myuser['lastname'])."',
            '".hesk_dbEscape($myuser['gender'])."',
            '".hesk_dbEscape($myuser['email'])."',
            '".hesk_dbEscape($myuser['password'])."',
            '".hesk_dbEscape($myuser['handphone'])."',
            '".hesk_dbEscape($myuser['practice_site'])."',
            '".hesk_dbEscape($myuser['address'])."',
            '".hesk_dbEscape($myuser['region'])."',
            '".hesk_dbEscape($myuser['province'])."',
            '".hesk_dbEscape($myuser['kkiregnum'])."',
            '".hesk_dbEscape($myuser['sipregnum'])."',
            '".hesk_dbEscape($myuser['doc_graduate'])."',
            '".hesk_dbEscape($myuser['specialisation'])."',
            '".hesk_dbEscape($myuser['signature'])."',
            '".hesk_dbEscape($myuser['features'])."',
            '".hesk_dbEscape($myuser['categories'])."',
            '".hesk_dbEscape($myuser['isadmin'])."'
            )";
	hesk_dbQuery($insert_sql);

	/* Drop the form data kept in the session now that the account exists */
	unset($_SESSION['userdata']);

	$success_msg = sprintf($hesklang['user_added_success'], $myuser['user'], $myuser['cleanpass']);
	hesk_process_messages($success_msg, './manage_users.php', 'SUCCESS');
} // End new_user()



/**
 * Save the submitted "edit user" form for the account given in $_POST['userid'].
 *
 * Checks the form token, validates the POSTed fields through hesk_validateUserInfo()
 * (with the password optional), refuses an e-mail address that belongs to a different
 * account, and updates the row. `pass` is only written when the validated data contains
 * a 'pass' key.
 *
 * $_SESSION['save_userdata'] is set for the duration of the save so that edit_user()
 * does not reload the row from the database, and is cleared after the UPDATE.
 *
 * NOTE(review): `isadmin`, `heskprivileges` and `categories` are written from the request
 * for whichever id is posted; the only gate visible in this file is the page-level
 * hesk_checkPermission('can_man_users') call - confirm that is the intended policy.
 */
function update_user() {
	global $hesk_settings, $hesklang;

	/* Verify the form token before anything else (the original comment calls this a security check) */
	hesk_token_check($_POST['token']);

	$_SESSION['save_userdata'] = TRUE;

	/* Only the value returned by hesk_isNumber() is used in the redirect target and the WHERE clause */
	$user_id = hesk_isNumber($_POST['userid'],"$hesklang[int_error]: $hesklang[no_valid_id]");

	/* PHP_SELF is overwritten so that later messages redirect back to this user's edit form */
	$_SERVER['PHP_SELF'] = './manage_users.php?a=edit&id='.$user_id;

	$myuser = hesk_validateUserInfo(0, $_SERVER['PHP_SELF']);
	$myuser['id'] = $user_id;

	/* The category and feature lists are persisted as comma-separated strings */
	foreach (array('categories', 'features') as $list_key)
	{
		$myuser[$list_key] = implode(',', $myuser[$list_key]);
	}

	/* The e-mail address may only be in use by the account being edited */
	$dup_sql = "SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `email` = '" . hesk_dbEscape($myuser['email']) . "' LIMIT 1";
	$dup_res = hesk_dbQuery($dup_sql);
	if (hesk_dbNumRows($dup_res) == 1)
	{
		$existing = hesk_dbFetchAssoc($dup_res);
		if ($existing['id'] != $myuser['id'])
		{
			/* presumably redirects and stops the request; verify in common.inc.php */
			hesk_process_messages($hesklang['email_exist'], $_SERVER['PHP_SELF']);
		}
	}

	/* Administrators get every feature and category, so nothing is stored for them */
	if ($myuser['isadmin'])
	{
		foreach (array('categories', 'features') as $list_key)
		{
			$myuser[$list_key] = '';
		}
	}

	/* Every value is escaped and quoted, except the id, which is used unquoted */
	$update_sql = "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET
        `name`='".hesk_dbEscape($myuser['firstname'])." ".hesk_dbEscape($myuser['lastname'])."',
        `nama_depan`='".hesk_dbEscape($myuser['firstname'])."',
        `nama_belakang`='".hesk_dbEscape($myuser['lastname'])."',
        `jenis_kelamin`='".hesk_dbEscape($myuser['gender'])."',
        `hp`='".hesk_dbEscape($myuser['handphone'])."',
        `tempat_praktek`='".hesk_dbEscape($myuser['practice_site'])."',
        `alamat`='".hesk_dbEscape($myuser['address'])."',
        `provinsi`='".hesk_dbEscape($myuser['province'])."',
        `region`='".hesk_dbEscape($myuser['region'])."',
        `kkiregnum`='".hesk_dbEscape($myuser['kkiregnum'])."',
        `sipregnum`='".hesk_dbEscape($myuser['sipregnum'])."',
        `doc_graduate`='".hesk_dbEscape($myuser['doc_graduate'])."',
        `specialisation`='".hesk_dbEscape($myuser['specialisation'])."',
        `email`='".hesk_dbEscape($myuser['email'])."',
        `signature`='".hesk_dbEscape($myuser['signature'])."',";

	/* Leave the stored password untouched unless a new one was validated */
	$update_sql .= (isset($myuser['pass']) ? "`pass`='".hesk_dbEscape($myuser['pass'])."'," : '');

	$update_sql .= "
        `categories`='".hesk_dbEscape($myuser['categories'])."',
        `isadmin`='".hesk_dbEscape($myuser['isadmin'])."',
        `heskprivileges`='".hesk_dbEscape($myuser['features'])."' WHERE `id`=".hesk_dbEscape($myuser['id'])." LIMIT 1";
	hesk_dbQuery($update_sql);

	/* The save is complete: drop the in-progress flag and the cached form data */
	unset($_SESSION['save_userdata']);
	unset($_SESSION['userdata']);

	hesk_process_messages($hesklang['user_profile_updated_success'], $_SERVER['PHP_SELF'], 'SUCCESS');
} // End update_user()


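/**
 * Validate the staff-account form submitted in $_POST and collect it into an array.
 *
 * Every required text field is passed through hesk_input() (the e-mail through
 * hesk_validateEmail()); a falsy result adds an error item to the buffer.
 * For non-administrators at least one valid category and one known feature
 * must survive filtering. The collected data is stored in
 * $_SESSION['userdata'] so the form can be re-populated after an error.
 *
 * @param int    $pass_required Non-zero when a password must be supplied; when 0
 *                              the password is only checked if one was entered.
 * @param string $redirect_to   Page handed to hesk_process_messages() on errors.
 *
 * @return array The collected user data. 'password' (output of hesk_Pass2Hash())
 *               is set only when a new password passed all checks; 'cleanpass'
 *               is the entered password in that case and '' otherwise.
 */
function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_users.php') {
    global $hesk_settings, $hesklang;

    $hesk_error_buffer = '';
    $myuser = array();

    /* Required fields, in form order: result key => array(POST field, language key of the error) */
    $required = array(
        'firstname'      => array('firstname',      'enter_firstname'),
        'lastname'       => array('lastname',       'enter_lastname'),
        'email'          => array('email',          'enter_valid_email'),
        'region'         => array('city',           'enter_your_region'),
        'handphone'      => array('handphone',      'enter_handphone'),
        'gender'         => array('gender',         'enter_gender'),
        'practice_site'  => array('practice_site',  'enter_practice_site'),
        'address'        => array('address',        'enter_haddress'),
        'province'       => array('province',       'enter_province'),
        'kkiregnum'      => array('kkiregnum',      'enter_kkiregnum'),
        'sipregnum'      => array('sipregnum',      'enter_sipregnum'),
        'doc_graduate'   => array('doc_graduate',   'enter_doc_graduate'),
        'specialisation' => array('specialisation', 'enter_specialisation'),
    );

    foreach ($required as $key => $spec)
    {
        list($field, $message) = $spec;

        if ($key === 'email')
        {
            $myuser[$key] = hesk_validateEmail($_POST[$field],'ERR',0);
        }
        else
        {
            $myuser[$key] = hesk_input($_POST[$field]);
        }

        /* Any falsy result counts as "missing" (this includes the string '0') */
        if ( ! $myuser[$key])
        {
            $hesk_error_buffer .= '<li>' . $hesklang[$message] . '</li>';
        }
    }

    $myuser['signature'] = hesk_input($_POST['signature']);
    $myuser['isadmin']   = intval($_POST['isadmin']) ? 1 : 0;

    /* If it's not admin at least one category and feature is required */
    $myuser['categories'] = array();
    $myuser['features']   = array();

    if ($myuser['isadmin']==0)
    {
        /* Only iterate real arrays; a scalar "categories" value is treated as nothing selected */
        $posted_categories = (isset($_POST['categories']) && is_array($_POST['categories'])) ? $_POST['categories'] : array();

        foreach ($posted_categories as $tmp)
        {
            /* intval() of a non-empty array is 1, so nested arrays must not reach it */
            if (is_scalar($tmp) && ($tmp = intval($tmp)))
            {
                $myuser['categories'][] = $tmp;
            }
        }

        /* Judge the filtered result, not the raw input: junk-only submissions must not pass */
        if (empty($myuser['categories']))
        {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_cat'] . '</li>';
        }

        $posted_features = (isset($_POST['features']) && is_array($_POST['features'])) ? $_POST['features'] : array();

        foreach ($posted_features as $tmp)
        {
            /* Keep only names present in the configured feature list */
            if (is_string($tmp) && in_array($tmp,$hesk_settings['features']))
            {
                $myuser['features'][] = $tmp;
            }
        }

        if (empty($myuser['features']))
        {
            $hesk_error_buffer .= '<li>' . $hesklang['asign_one_feat'] . '</li>';
        }
    }

    /* strlen() counts bytes, so the 255 limit is in bytes */
    if (strlen($myuser['signature'])>255)
    {
        $hesk_error_buffer .= '<li>' . $hesklang['signature_long'] . '</li>';
    }

    /* Password */
    $myuser['cleanpass'] = '';

    $newpass = hesk_input($_POST['password']);
    $passlen = strlen($newpass);

    if ($pass_required || $passlen > 0)
    {
        /* At least 5 chars? */
        if ($passlen < 5)
        {
            $hesk_error_buffer .= '<li>' . $hesklang['password_not_valid'] . '</li>';
        }
        /* Check password confirmation */
        else
        {
            $newpass2 = hesk_input($_POST['repass']);

            /* Strict comparison: with != two different numeric strings
               (e.g. "1000.0" and "01000") would be treated as the same password */
            if ($newpass !== $newpass2)
            {
                $hesk_error_buffer .= '<li>' . $hesklang['passwords_not_same'] . '</li>';
            }
            else
            {
                $myuser['password'] = hesk_Pass2Hash($newpass);
                $myuser['cleanpass'] = $newpass;
            }
        }
    }

    /* Save entered info in session so we don't lose it in case of errors */
    /* NOTE(review): on success $myuser holds 'cleanpass' (the password as entered)
       and 'password' (its hash), so both are written to the session store here.
       Confirm whether callers need them in the session copy or only in the return value. */
    $_SESSION['userdata'] = $myuser;

    /* Any errors */
    if ($hesk_error_buffer !== '')
    {
        $hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
        /* presumably redirects to $redirect_to and ends the request - TODO confirm */
        hesk_process_messages($hesk_error_buffer,$redirect_to);
    }

    return $myuser;

} // End hesk_validateUserInfo()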


/**
 * Delete the staff account whose id is given in $_GET['id'].
 *
 * The request must carry a valid token in $_GET['token'] (checked by
 * hesk_token_check()). Because the token travels in the query string it is
 * part of the URL of this request. The account with id 1 and the account of
 * the logged-in user ($_SESSION['id']) are refused. Tickets owned by the
 * account are un-assigned before the row is deleted.
 *
 * NOTE(review): the guards below rely on hesk_process_messages() ending the
 * request; if it returned, execution would continue to the DELETE - confirm.
 */
function remove() {
    global $hesk_settings, $hesklang;

    $return_page = './manage_users.php';

    /* Anti-forgery token check comes before anything else */
    hesk_token_check($_GET['token']);

    $user_id = hesk_isNumber($_GET['id'],$hesklang['no_valid_id']);

    /* The default user (id 1) can never be removed */
    if ($user_id == 1)
    {
        hesk_process_messages($hesklang['cant_del_admin'],$return_page);
    }

    /* Nor can the account that is currently logged in */
    if ($user_id == $_SESSION['id'])
    {
        hesk_process_messages($hesklang['cant_del_own'],$return_page);
    }

    /* Release every ticket owned by this user */
    $tickets_table = hesk_dbEscape($hesk_settings['db_pfix']).'tickets';
    $res = hesk_dbQuery('UPDATE `'.$tickets_table.'` SET `owner`=NULL WHERE `owner`='.hesk_dbEscape($user_id).' ');

    /* Remove the account row itself */
    $users_table = hesk_dbEscape($hesk_settings['db_pfix']).'users';
    $res = hesk_dbQuery('DELETE FROM `'.$users_table.'` WHERE `id`='.hesk_dbEscape($user_id).' LIMIT 1');

    /* Exactly one row must have been deleted, otherwise the id did not match a user */
    if (hesk_dbAffectedRows() != 1)
    {
        $not_found = $hesklang['int_error'].': '.$hesklang['user_not_found'];
        hesk_process_messages($not_found,$return_page);
    }

    hesk_process_messages($hesklang['sel_user_removed'],$return_page,'SUCCESS');
} // End remove()